Privacy Policy

Introduction

Your privacy is important to me, and you can be confident that your personal information is kept safe and secure and only used for the purpose for which it was given to me. I adhere to current data protection legislation, including the General Data Protections Regulation (EU/2016/679) (GDPR), the Data Protection Act 2018, and Privacy and Electronic Communications (EC Directive) Regulations 2023.

This privacy notice tells you what I do with your personal information from initial point of contact through to after your treatment has ended:

  • Why I am able to process your information and for what purpose I am processing it.
  • Whether you have to provide it to me.
  • How long I store it for.
  • Whether there are other recipients on your personal information.
  • Whether I intend to transfer it to another country.
  • Whether I do automated decision-making or profiling.
  • Your data protection rights.

I am happy to answer any questions you might have about my data protection policy, and you can contact me on 07908 710151 or at deborah@justbecounsellingandwellbeing.co.uk.

Data Controller is a term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office. Registration Number-ZC121748.

My postal address is: Kidderminster, Worcestershire, DY10. My phone number is: 079O8 710151. My email address is: deborah@justbecounsellingandwellbeing.co.uk.

Lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below.

I use legitimate interest as my lawful basis for holding and using your personal information if you have a treatment with me and it has now ended.

I process your personal data where it is necessary to complete your consultation form and treatment agreement if you are currently having a treatment or if you are in contact with me to consider a treatment.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called “special category” personal information. The initial lawful basis for me processing any special categories of personal information is consent. I retain treatment records in case I need to reference them in the future (the official basis is to defend against potential legal claims).

How I use your information

Initial contact

I collect information to help me satisfy your enquiry when you contact me with an enquiry about treatment services. This includes: Name, consent for your preferred safe method of contact, Email Address, Telephone number.  Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf.

I ensure all your personal data is deleted within two weeks if you decide not to proceed. Just let me know if you would like me to delete this information sooner.

Treatment assessment

Everything you discuss with me is confidential. Confidentiality is only be broken to prevent harm to yourself and others. I always try to speak to you first, unless there are safeguarding issues that prevent this and I still have concerns for your welfare. I am legally required to break confidentiality in the case of a disclosure concerning the Terrorism Act, Children’s Act, duties of care, safeguarding, and any information specific to money laundering or drug trafficking. Such disclosures will be passed to the relevant authority without delay.

I may have to share information with a court of law if I am issued with a court order.

I keep a record of your personal details to help the treatment services run smoothly. The personal details are: Name, Age, Date of Birth, Address, Postcode, Email Address, Telephone Number, GP Address and Number, Emergency Contact (name, number, relationship), Relevant Medical History, conditions and/or symptoms, General health. Your personal contact details are if I have any concerns over your welfare or in case of an emergency including medication or have any health issues that may impact on the treatment session.

I request permission to send emails, text or call.

I discuss with you how much information you would like me to share in case of emergency, with details of medications.

I keep personal details securely on your consultation form. They are stored in a lockable and number coded, fireproof and waterproof document box, in a locked cupboard inside a locked office and are not shared with any other third party.

I keep an anonymised contact name and code number in my phone, so you are not identifiable. My business number and email are on a separate phone from my personal phone. My phone is password-protected and uses face recognition.

I protect your confidentiality and privacy.

For security reasons, I do not retain text messages for more than the length of your treatment. I print and retain in with your consultation notes if there is relevant information contained in a text message. Likewise, any email correspondence is deleted after the treatment is complete if it is not important. If necessary, I print off and retain in with your consultation notes. 

Once your treatment has ended your records are kept for 5 years and are then securely destroyed. Please tell me if you want me to delete your information sooner than this. My deletion process is by shredding.

Third-party recipients personal data

I sometimes share personal data with third parties, for example where I have contracted with a supplier to carry out specific tasks. This includes Microsoft 365, and I must be registered with HMRC for tax and National Insurance purposes. My accountant has access to my business banking transactions and is covered by his own code of conduct.

I have carefully selected which partners I work with in such cases. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure they do not use your information in any way other than the task for which they have been contracted.

Your rights

You have the right to ask me to delete your information, to limit how I use your personal information, or to stop processing your personal information. You also have the right to ask for a copy of any information that I hold about you and object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.

If I hold information about you I will:

  • give you a description of it and from where it came.
  • tell you why I am holding it, tell you how long I store your data and how I made this decision.
  • tell you to whom it could be disclosed.
  • let you have a copy of this information in an intelligible form.

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.

To make a request for any personal information I may hold about you, please put the request in writing addressing it to deborah@justbecounsellingandwellbeing.co.uk.

If you want to make a formal complaint about the way I have processed information you can contact the Information Commissioner’s Office (ICO), a statutory body that oversees data protection law in the UK. For more information, go to ico.org.uk/make-a-complaint or call O303 123 1113.

I am legally required to record and report any personal data breach within 72 hours to the ICO.

Data security

I take the security of the data I hold about you very seriously and, as such, I take every effort to make sure it is kept secure in a lockable, number-coded fireproof and waterproof document box, in a locked cupboard inside a locked office. My phone has password protection and face recognition.

Visitors to my website

When someone visits my website, I use Google Analytics, a third-party web analytics service provided by Google LLC, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the website. This information is processed in a way that does not directly identify anyone. I do not make, and do not allow Google to make, any attempt to discover the identities of those visiting my website.

I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.

I use Google Analytics to help me continually improve my website and services. You can read Google’s Privacy Policy here:

policies.google.com/privacy

Like most websites, I use cookies to help the website work more efficiently and improve your experience when using the site. You can find out more about how cookies are used on this website by reading my Cookie Policy:

justbecounsellingandwellbeing.co.uk/cookie-policy/

No personally identifiable information is collected through Google Analytics, and the information collected is used only to understand how visitors use the website and to help improve the services offered. If you fill in a form on my website, that data is stored temporarily by my website hosting provider before being securely transmitted to me.

CCTV Policy

I care and value how I treat your personal information, and that includes footage captured on CCTV. We have a two-week retention policy for the CCTV footage.

You have the right to erase or edit anything you feel uncomfortable about in CCTV footage.

The CCTV is external only and not intrusive. The CCTV captures audio as well as images.

It is only be accessed if there is a lawful legitimate reason or a request for access.

Please be aware of talking about sensitive information when walking to the counselling room until in the privacy of the room. Please let me know your choice if you wish to speak or not at this point.

The camera angle is facing away from the counselling room and only captures what I need to and nothing more.

There are internal blinds for privacy inside the counselling room.

Signs are clearly visible that CCTV is in operation.

You can raise any queries or concerns you have about your personal data or footage, and I will respond appropriately to your request.

Lawful basis for gathering and using CCTV footage

I have responsibility for the CCTV.

The specific purpose for the CCTV is for health and safety reasons and protection of the client and myself while at the property. The CCTV is installed for security and as a deterrent, to protect the property and prevent crime.

Security measures

The upmost is done to keep CCTV footage secure and safe. Footage is accessed on my mobile phone, which is password protected and uses face recognition.

How long do I keep the data?

The data is kept for two weeks and deleted securely with a overwrite feature.

You have a right of access. This means that you can ask for a copy of your personal data including video recordings I hold of you. This is only for two weeks until footage is deleted by the overwrite system. I will deal with your request as soon as possible.

I can redact or remove footage where necessary.

Introduction

Your privacy is important to me, and you can be confident that your personal information is kept safe and secure and only used for the purpose for which it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (GDPR), the Data Protection Act 2018, and Privacy and Electronic Communications (EC Directive) Regulations 2023.

This privacy notice tells you what I do with your personal information from initial point of contact through to after your therapy has ended:

  • Why I am able to process your information and for what purpose I am processing it.
  • Whether you have to provide it to me.
  • How long I store it for.
  • Whether there are other recipients of your personal information.
  • Whether I intend to transfer it to another country.
  • Whether I do automated decision-making or profiling.
  • Your data protection rights.

I am happy to answer any questions you might have about my data protection policy, and you can contact me on: 07908710151 or at deborah@justbecounsellingandwellbeing.co.uk.

Data Controller is a term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the Data Controller is me. I am registered with the Information Commissioner’s Office. Registration Number-ZC121748.

My postal address is: Kidderminster, Worcestershire, DY10.  My phone number is:079O8 710151. My email address is: deborah@justbecounsellingandwellbeing.co.uk.

Lawful Basis

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below.

I use legitimate interest as my lawful basis for holding and using your personal information if you have therapy with me and it has now ended.

I process your personal data where it is necessary to perform our contract if you are currently having therapy or if you are in contact with me to consider therapy.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called “special category” personal information. The initial lawful basis for me processing any special categories of personal information is consent. I retain counselling records in case I need to reference them in the future (the official legal basis is to defend against potential legal claims).

How I use your information

Initial Contact

I collect information to help me satisfy your enquiry when you contact me with an enquiry about counselling services. This includes Name, Consent for your preferred safe method of contact. Email Address, Telephone Number.  Alternatively, your GP or other health professional may send me your details when making a referral, or a parent or trusted individual may give me your details when making an enquiry on your behalf.

I ensure all your personal data is deleted within two weeks if you decide not to proceed. Just let me know if you would like me to delete this information sooner.

Counselling Assessment

Everything you discuss with me is confidential. Confidentiality is only broken to prevent harm to yourself and others. I always try to speak to you first, unless there are safeguarding issues that prevent this and I still have concerns for your welfare. I am legally required to break confidentiality in the case of a disclosure concerning the Terrorism Act, Children’s Act, duties of care, safeguarding, and any information specific to money laundering or drug trafficking. Such disclosures will be passed to the relevant authority without delay.

I may have to share information with a court of law if I am issued with a court order.

I keep a record of your personal details to help the counselling services run smoothly. The personal details are: Name, Age, Date of Birth, Address, Postcode, Email Address, Telephone Number, GP Address and Number, Emergency Contact (name, number, relationship), Relevant Medical History, including medication or any health issues that may impact on the counselling session, for if I have any concerns over your welfare or in case of an emergency.

I request permission to send emails, text or call.

I discuss with you how much information you would like me to share in case of an emergency, with details of medication.

I keep personal details securely and separately from your session notes. They are stored in a lockable and number-coded, fireproof and waterproof document box, in a locked cupboard inside a locked office and are not shared with any other third party.

I keep an anonymised contact name and code number in my phone, so you are not identifiable. My business number and email are on a separate phone from my personal phone. My phone is password protected and uses face recognition.

I protect your confidentiality and privacy. I make brief notes throughout our session in which I anonymise your name, for my reference only. I use these brief notes as reference to write up session notes. I anonymise your name and use a code number, so you are not identifiable. I keep written session notes with your initial assessment information, stored in a lockable and number coded, fireproof and waterproof document box, in a locked cupboard inside a locked office. The brief reference notes are securely shredded once they are written up.

For security reasons, I do not retain text messages after the counselling sessions are complete, contract and contact have ended, and I print and retain in your session notes if there is relevant information contained in a text message. Likewise, any email correspondence is deleted after the counselling sessions are complete, contract and contact has ended if it is not important. If necessary, I print off and retain in your session notes.

I have supervision once a month to discuss my work, so I am working to the best of my ability to be of help to you. I don’t have to identify who you are. My supervisor has specific experience and knowledge of working with your young people. The supervisor is bound by a code of ethics as regards confidentiality.

When the counselling contact ends your contract ends and is shredded. Only confidentiality remains. Your records are kept for 7 years from the end of our contact with each other and then securely destroyed. (7 years from a young person’s 18th birthday). Please tell me if you want me to delete your information sooner than this. My deletion process is shredding.

Therapeutic Will

Your name and contact details are shared with my Therapeutic Executor. This is so that you will be contacted on the event of my death or illness of sufficient severity to prevent me communicating directly with you, should you still be counselled by me. I keep a spreadsheet of my clients’ names and telephone numbers for this purpose. They are stored in a lockable and number-coded, fireproof and waterproof document box, in a locked cupboard inside a locked office.

Third-Party Recipients’ Personal Data

I sometimes share personal data with third parties, for example where I have contracted with a supplier to carry out specific tasks. This includes Microsoft 365, and I must be registered with HMRC for tax and National Insurance purposes. My accountant has access to my business banking transactions and is covered by his own code of conduct.

I have carefully selected which partners I work with in such cases. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have been contracted.

Your Rights

You have the right to ask me to delete your information, to limit how I use your personal information, or to stop processing your personal information. You also have the right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters

If I hold information about you I:

  • give you a description of it and where it came from.
  • tell you why I am holding it, tell you how long I store your data and how I made this decision.
  • tell you to whom it could be disclosed.
  • let you have a copy of this information in an intelligible form.

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.

To make a request for any personal information I may hold about you, please put the request in writing addressing it to deborah@justbecounsellingandwellbeing.co.uk.

If you want to make a formal complaint about the way I have processed information you can contact the Information Commissioner’s Office (ICO), a statutory body that oversees data protection law in the UK. For more information, go to ico.org.uk/make-a-complaint or call 0303 1231113.

I am legally required to record and report any personal data breach within 72 hours to the Information Commissioner’s Office.

Data Security

I take the security of the data I hold about you very seriously and, as such, take every effort to make sure it is kept secure in a lockable, number-coded fireproof and waterproof document box, in a locked cupboard inside a locked office. My phone has password protection and face recognition.

Visitors to my website

When someone visits my website, I use Google Analytics, a third-party web analytics service provided by Google LLC, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the website. This information is processed in a way that does not directly identify anyone. I do not make, and do not allow Google to make, any attempt to discover the identities of those visiting my website.

I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.

I use Google Analytics to help me continually improve my website and services. You can read Google’s Privacy Policy here:

policies.google.com/privacy

Like most websites, I use cookies to help the website work more efficiently and improve your experience when using the site. You can find out more about how cookies are used on this website by reading my Cookie Policy:

justbecounsellingandwellbeing.co.uk/cookie-policy/

No personally identifiable information is collected through Google Analytics, and the information collected is used only to understand how visitors use the website and to help improve the services offered. If you fill in a form on my website, that data is stored temporarily by my website hosting provider before being securely transmitted to me.

CCTV Policy

I care and value how I treat your personal information and that includes footage captured on CCTV. We have a two-week retention policy for the CCTV footage.

You have the right to erase or edit anything you feel uncomfortable about in CCTV footage.

The CCTV is external only and not intrusive. The CCTV captures audio as well as images.

It is only accessed if there is a lawful legitimate reason a request for access.

Please be aware of talking about sensitive information when walking to the counselling room until in the privacy of the room. Please let me know your choice if you wish to speak or not at this point.

The camera angle is facing away from the counselling room and only captures what I need to and nothing more.

There are internal blinds for privacy inside the counselling room.

Signs are clearly visible that CCTV is in operation.

You can raise any queries or concerns you have about your personal data or footage, and I will respond appropriately to your request.

Lawful basis for gathering and using CCTV footage

I have responsibility for the CCTV.

The specific purpose for the CCTV is for health and safety reasons and protection of the client and myself while at the property. The CCTV is installed for security and as a deterrent, to protect the property and prevent crime.

Security measures

The upmost is done to keep CCTV footage secure and safe. Footage is accessed on my mobile phone, which is password protected and uses face recognition.

How long do I keep the data?

The data is kept for two weeks and deleted securely with a overwrite feature.

You have a right of access. This means that you can ask for a copy of your personal data including video recordings I hold of you. This is only for two weeks until footage is deleted by the overwrite system. I will deal with your request as soon as possible.

I can redact or remove footage where necessary.